The NHS is facing a chilling new threat with experts warning that hackers could exploit internet-connected hospital fridges storing life-saving medicines and vaccines. A cross-party group of MPs and experts has raised alarm over Chinese-made components embedded in NHS equipment, warning they could be used to access critical systems remotely. The Coalition on Secure Technology (CST), a cross-party group of policymakers and experts campaigning to raise awareness of the threat posed by Chinese Cellular IoT modules, says the components that allow fridges to connect to the internet are often made in China.
The CST said that Beijing could use the components called cellular internet-of-things modules (CIMs) in order to access NHS refrigerators remotely. Medical refrigerators play an essential role across hospitals, keeping vaccines, blood samples and temperature-sensitive medicines within strict safety ranges. But as more units become "smart" and connected to internal networks, cybersecurity risks are rapidly increasing.
A hacker could be able to change temperatures, switch units off, disable alarms or even falsify temperature logs.
Speaking to the Express, an expert warned that the danger is far broader than many realise. An operational technology (OT) security expert who specialises in securing fleets of connected devices across British industry and manufacturing, said that the rapid rise of internet-connected device, from household appliances to hospital equipment, is dramatically expanding the number of potential entry points for hackers.
Steffan Roxrud Thorvaldse, CEO of the smart device management platform Qbee, argues that the 'smart factory' model where everything is connected, from AI devices, sensors and robotics, is particularly vulnerable to sabotage from state-backed actors, as demonstrated by JLR's shutdown of its entire production environment/assembly lines last year.
He said the core issue lies in a widespread failure to maintain and update connected devices, leaving them exposed to attack. The rapid growth of internet-connected devices is increasing cyber risks, with many IoT products left exposed due to a lack of regular software updates.
Like iPhones need regular updates, Mr Thorvaldse explained that connected devices such as vacuum cleaners and refrigerators must also be routinely updated to remain secure.
He said: "There are necessary updates you need to do on the devices to have them secure. There's a real lack of understanding that IoT devices need to be maintained as much as phones do, because they're critical. I don't think that everyone knows that an IoT device is a critical device."
Connected devices like fridges could act as a gateway into wider hospital systems if not properly secured, the expert said.
Mr Thorvaldse: "If there's a weakness in that device, you can use that device to get in backwards into the system. That's always the danger."
The scale of the challenge is immense. For an organisation as vast as the NHS, the expert said organisations need systems that can push updates remotely and monitor devices in real time.
"If you have 10,000 refrigerators all over the UK, you can't go around driving with a [USB] stick and updating them. That's too costly. You need a system that can push updates out and get feedback that they are actually maintained."
Perhaps most concerning is the rise of Artificial Intelligence in cyber warfare. Mr Thorvaldse warned that AI is a double-edged sword that has made hacking "big business."
Mr Thorvaldse spoke of "Security by Design," where critical devices are updated via local connections rather than being exposed to the public internet.
"We have clients that don't want their devices anywhere near the internet," he said. "You can run updates inside a building with local connections."
He added: "I don't think the situation is going away." He said that every company and government must "stay ahead of the game" by investing in the best defensive tools available, or they will end up paying much more in ransom and infrastructure damage later.
He argues that governments like that of the UK are traditionally slow to adopt new tech and must "partner with startups" to move fast enough to outpace these state-backed threats.
Qbee protects - among many other British, EU and US facilities - the UK-based manufacturing plant of LISI Aerospace, a global leader in hightech aircraft components.
The concerns come as cybercrime continues to cost the UK billions each year. A sector-specific costings report published by the government in November 2025, estimates that the average cost of a significant cyber attack for an individual UK business is nearly £195,000.
When extrapolated nationwide, that figure rises to a staggering £14.7 billion a year - equivalent to around 0.5% of the UK's GDP.
-
Taraji P. Henson on motherhood, Broadway debut in ‘Joe Turner’s Come and Gone’
-
Chief Minister Samrat Chaudhary held a high-level meeting with DM-SP, said – ‘Strict action should be taken in crimes against girls’
-
Plastic vs Stainless Steel: Why is Gen-Z excluding plastic from their lifestyle? Know 5 big reasons
-
Foreigners surprised by Vietnam’s booming café photo culture
-
Ana de Armas celebrates 37th birthday
